config firewall profile-protocol-options
Description: Configure protocol options.
edit <name>
set comment {var-string}
set replacemsg-group {string}
set oversize-log [disable|enable]
set switching-protocols-log [disable|enable]
config http
Description: Configure HTTP protocol options.
set ports {integer}
set status [enable|disable]
set inspect-all [enable|disable]
set options {option1}, {option2}, ...
set comfort-interval {integer}
set comfort-amount {integer}
set range-block [disable|enable]
set strip-x-forwarded-for [disable|enable]
set post-lang {option1}, {option2}, ...
set fortinet-bar [enable|disable]
set fortinet-bar-port {integer}
set streaming-content-bypass [enable|disable]
set switching-protocols [bypass|block]
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set stream-based-uncompressed-limit {integer}
set scan-bzip2 [enable|disable]
set block-page-status-code {integer}
set retry-count {integer}
set tcp-window-type [system|static|...]
set tcp-window-minimum {integer}
set tcp-window-maximum {integer}
set tcp-window-size {integer}
set ssl-offloaded [no|yes]
end
config ftp
Description: Configure FTP protocol options.
set ports {integer}
set status [enable|disable]
set inspect-all [enable|disable]
set options {option1}, {option2}, ...
set comfort-interval {integer}
set comfort-amount {integer}
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
set ssl-offloaded [no|yes]
end
config imap
Description: Configure IMAP protocol options.
set ports {integer}
set status [enable|disable]
set inspect-all [enable|disable]
set options {option1}, {option2}, ...
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
set ssl-offloaded [no|yes]
end
config mapi
Description: Configure MAPI protocol options.
set ports {integer}
set status [enable|disable]
set options {option1}, {option2}, ...
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
end
config pop3
Description: Configure POP3 protocol options.
set ports {integer}
set status [enable|disable]
set inspect-all [enable|disable]
set options {option1}, {option2}, ...
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
set ssl-offloaded [no|yes]
end
config smtp
Description: Configure SMTP protocol options.
set ports {integer}
set status [enable|disable]
set inspect-all [enable|disable]
set options {option1}, {option2}, ...
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
set server-busy [enable|disable]
set ssl-offloaded [no|yes]
end
config nntp
Description: Configure NNTP protocol options.
set ports {integer}
set status [enable|disable]
set inspect-all [enable|disable]
set options {option1}, {option2}, ...
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
end
config ssh
Description: Configure SFTP and SCP protocol options.
set options {option1}, {option2}, ...
set comfort-interval {integer}
set comfort-amount {integer}
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
end
config dns
Description: Configure DNS protocol options.
set ports {integer}
set status [enable|disable]
end
config cifs
Description: Configure CIFS protocol options.
set ports {integer}
set status [enable|disable]
end
config mail-signature
Description: Configure Mail signature.
set status [disable|enable]
set signature {string}
end
set rpc-over-http [enable|disable]
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
comment | Optional comments. | var-string | Maximum length: 255 |
replacemsg-group | Name of the replacement message group to be used | string | Maximum length: 35 |
oversize-log | Enable/disable logging for antivirus oversize file blocking. disable: Disable logging for antivirus oversize file blocking. enable: Enable logging for antivirus oversize file blocking. |
option | - |
switching-protocols-log | Enable/disable logging for HTTP/HTTPS switching protocols. disable: Disable logging for HTTP/HTTPS switching protocols. enable: Enable logging for HTTP/HTTPS switching protocols. |
option | - |
rpc-over-http | Enable/disable inspection of RPC over HTTP. enable: Enable inspection of RPC over HTTP. disable: Disable inspection of RPC over HTTP. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ports | Ports to scan for content (1 - 65535, default = 80). | integer | Minimum value: 1 Maximum value: 65535 |
status | Enable/disable the active status of scanning for this protocol. enable: Enable setting. disable: Disable setting. |
option | - |
inspect-all | Enable/disable the inspection of all ports for the protocol. enable: Enable setting. disable: Disable setting. |
option | - |
options | One or more options that can be applied to the session. clientcomfort: Prevent client timeout. servercomfort: Prevent server timeout. oversize: Block oversized file/email. chunkedbypass: Bypass chunked transfer encoded sites. |
option | - |
comfort-interval | Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec, default = 10). | integer | Minimum value: 1 Maximum value: 900 |
comfort-amount | Amount of data to send in a transmission for client comforting (1 - 65535 bytes, default = 1). | integer | Minimum value: 1 Maximum value: 65535 |
range-block | Enable/disable blocking of partial downloads. disable: Disable blocking of partial downloads. enable: Enable blocking of partial downloads. |
option | - |
strip-x-forwarded-for | Enable/disable stripping of HTTP X-Forwarded-For header. disable: Disable changing of HTTP X-Forwarded-For header. enable: Enable replacement of X-Forwarded-For value with 1.1.1.1. |
option | - |
post-lang | ID codes for character sets to be used to convert to UTF-8 for banned words and DLP on HTTP posts (maximum of 5 character sets). jisx0201: Japanese Industrial Standard 0201. jisx0208: Japanese Industrial Standard 0208. jisx0212: Japanese Industrial Standard 0212. gb2312: Guojia Biaozhun 2312 (simplified Chinese). ksc5601-ex: Wansung Korean standard 5601. euc-jp: Extended Unicode Japanese. sjis: Shift Japanese Industrial Standard. iso2022-jp: ISO 2022 Japanese. iso2022-jp-1: ISO 2022-1 Japanese. iso2022-jp-2: ISO 2022-2 Japanese. euc-cn: Extended Unicode Chinese. ces-gbk: Extended GB2312 (simplified Chinese). hz: Hanzi simplified Chinese. ces-big5: Big-5 traditional Chinese. euc-kr: Extended Unicode Korean. iso2022-jp-3: ISO 2022-3 Japanese. iso8859-1: ISO 8859 Part 1 (Western European). tis620: Thai Industrial Standard 620. cp874: Code Page 874 (Thai). cp1252: Code Page 1252 (Western European Latin). cp1251: Code Page 1251 (Cyrillic). |
option | - |
fortinet-bar | Enable/disable Fortinet bar on HTML content. enable: Enable setting. disable: Disable setting. |
option | - |
fortinet-bar-port | Port for use by Fortinet Bar (1 - 65535, default = 8011). | integer | Minimum value: 1 Maximum value: 65535 |
streaming-content-bypass | Enable/disable bypassing of streaming content from buffering. enable: Enable setting. disable: Disable setting. |
option | - |
switching-protocols | Bypass from scanning, or block a connection that attempts to switch protocol. bypass: Bypass connections when switching protocols. block: Block connections when switching protocols. |
option | - |
oversize-limit | Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10). | integer | Minimum value: 1 Maximum value: 6446 |
uncompressed-oversize-limit | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10). | integer | Minimum value: 0 Maximum value: 6446 |
uncompressed-nest-limit | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). | integer | Minimum value: 2 Maximum value: 100 |
stream-based-uncompressed-limit | Maximum stream-based uncompressed data size that will be scanned (MB, 0 = unlimited (default). Stream-based uncompression used only under certain conditions.). | integer | Minimum value: 0 Maximum value: 4294967295 |
scan-bzip2 | Enable/disable scanning of BZip2 compressed files. enable: Enable setting. disable: Disable setting. |
option | - |
block-page-status-code | Code number returned for blocked HTTP pages (non-FortiGuard only) (100 - 599, default = 403). | integer | Minimum value: 100 Maximum value: 599 |
retry-count | Number of attempts to retry HTTP connection (0 - 100, default = 0). | integer | Minimum value: 0 Maximum value: 100 |
tcp-window-type | Specify type of TCP window to use for this protocol. system: Use system default TCP window size for this protocol (Default). static: Manually specify TCP window size. dynamic: Vary TCP window size based on available memory, within limits. |
option | - |
tcp-window-minimum | Minimum dynamic TCP window size (default = 128KB). | integer | Minimum value: 65536 Maximum value: 1048576 |
tcp-window-maximum | Maximum dynamic TCP window size (default = 8MB). | integer | Minimum value: 1048576 Maximum value: 33554432 |
tcp-window-size | Set TCP static window size (default = 256KB). | integer | Minimum value: 65536 Maximum value: 33554432 |
ssl-offloaded | SSL decryption and encryption performed by an external device. no: SSL decryption and encryption performed by FortiGate when deep-inspection is enabled. yes: SSL decryption and encryption performed by an external device. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ports | Ports to scan for content (1 - 65535, default = 21). | integer | Minimum value: 1 Maximum value: 65535 |
status | Enable/disable the active status of scanning for this protocol. enable: Enable setting. disable: Disable setting. |
option | - |
inspect-all | Enable/disable the inspection of all ports for the protocol. enable: Enable setting. disable: Disable setting. |
option | - |
options | One or more options that can be applied to the session. clientcomfort: Prevent client timeout. oversize: Block oversized file/email. splice: Enable splice mode. bypass-rest-command: Bypass REST command. bypass-mode-command: Bypass MODE command. |
option | - |
comfort-interval | Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec, default = 10). | integer | Minimum value: 1 Maximum value: 900 |
comfort-amount | Amount of data to send in a transmission for client comforting (1 - 65535 bytes, default = 1). | integer | Minimum value: 1 Maximum value: 65535 |
oversize-limit | Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10). | integer | Minimum value: 1 Maximum value: 6446 |
uncompressed-oversize-limit | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10). | integer | Minimum value: 0 Maximum value: 6446 |
uncompressed-nest-limit | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). | integer | Minimum value: 2 Maximum value: 100 |
scan-bzip2 | Enable/disable scanning of BZip2 compressed files. enable: Enable setting. disable: Disable setting. |
option | - |
ssl-offloaded | SSL decryption and encryption performed by an external device. no: SSL decryption and encryption performed by FortiGate when deep-inspection is enabled. yes: SSL decryption and encryption performed by an external device. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ports | Ports to scan for content (1 - 65535, default = 143). | integer | Minimum value: 1 Maximum value: 65535 |
status | Enable/disable the active status of scanning for this protocol. enable: Enable setting. disable: Disable setting. |
option | - |
inspect-all | Enable/disable the inspection of all ports for the protocol. enable: Enable setting. disable: Disable setting. |
option | - |
options | One or more options that can be applied to the session. fragmail: Pass fragmented email. oversize: Block oversized file/email. |
option | - |
oversize-limit | Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10). | integer | Minimum value: 1 Maximum value: 6446 |
uncompressed-oversize-limit | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10). | integer | Minimum value: 0 Maximum value: 6446 |
uncompressed-nest-limit | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). | integer | Minimum value: 2 Maximum value: 100 |
scan-bzip2 | Enable/disable scanning of BZip2 compressed files. enable: Enable setting. disable: Disable setting. |
option | - |
ssl-offloaded | SSL decryption and encryption performed by an external device. no: SSL decryption and encryption performed by FortiGate when deep-inspection is enabled. yes: SSL decryption and encryption performed by an external device. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ports | Ports to scan for content (1 - 65535, default = 135). | integer | Minimum value: 1 Maximum value: 65535 |
status | Enable/disable the active status of scanning for this protocol. enable: Enable setting. disable: Disable setting. |
option | - |
options | One or more options that can be applied to the session. fragmail: Pass fragmented email. oversize: Block oversized file/email. |
option | - |
oversize-limit | Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10). | integer | Minimum value: 1 Maximum value: 6446 |
uncompressed-oversize-limit | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10). | integer | Minimum value: 0 Maximum value: 6446 |
uncompressed-nest-limit | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). | integer | Minimum value: 2 Maximum value: 100 |
scan-bzip2 | Enable/disable scanning of BZip2 compressed files. enable: Enable setting. disable: Disable setting. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ports | Ports to scan for content (1 - 65535, default = 110). | integer | Minimum value: 1 Maximum value: 65535 |
status | Enable/disable the active status of scanning for this protocol. enable: Enable setting. disable: Disable setting. |
option | - |
inspect-all | Enable/disable the inspection of all ports for the protocol. enable: Enable setting. disable: Disable setting. |
option | - |
options | One or more options that can be applied to the session. fragmail: Pass fragmented email. oversize: Block oversized file/email. |
option | - |
oversize-limit | Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10). | integer | Minimum value: 1 Maximum value: 6446 |
uncompressed-oversize-limit | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10). | integer | Minimum value: 0 Maximum value: 6446 |
uncompressed-nest-limit | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). | integer | Minimum value: 2 Maximum value: 100 |
scan-bzip2 | Enable/disable scanning of BZip2 compressed files. enable: Enable setting. disable: Disable setting. |
option | - |
ssl-offloaded | SSL decryption and encryption performed by an external device. no: SSL decryption and encryption performed by FortiGate when deep-inspection is enabled. yes: SSL decryption and encryption performed by an external device. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ports | Ports to scan for content (1 - 65535, default = 25). | integer | Minimum value: 1 Maximum value: 65535 |
status | Enable/disable the active status of scanning for this protocol. enable: Enable setting. disable: Disable setting. |
option | - |
inspect-all | Enable/disable the inspection of all ports for the protocol. enable: Enable setting. disable: Disable setting. |
option | - |
options | One or more options that can be applied to the session. fragmail: Pass fragmented email. oversize: Block oversized file/email. splice: Enable splice mode. |
option | - |
oversize-limit | Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10). | integer | Minimum value: 1 Maximum value: 6446 |
uncompressed-oversize-limit | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10). | integer | Minimum value: 0 Maximum value: 6446 |
uncompressed-nest-limit | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). | integer | Minimum value: 2 Maximum value: 100 |
scan-bzip2 | Enable/disable scanning of BZip2 compressed files. enable: Enable setting. disable: Disable setting. |
option | - |
server-busy | Enable/disable SMTP server busy when server not available. enable: Enable setting. disable: Disable setting. |
option | - |
ssl-offloaded | SSL decryption and encryption performed by an external device. no: SSL decryption and encryption performed by FortiGate when deep-inspection is enabled. yes: SSL decryption and encryption performed by an external device. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ports | Ports to scan for content (1 - 65535, default = 119). | integer | Minimum value: 1 Maximum value: 65535 |
status | Enable/disable the active status of scanning for this protocol. enable: Enable setting. disable: Disable setting. |
option | - |
inspect-all | Enable/disable the inspection of all ports for the protocol. enable: Enable setting. disable: Disable setting. |
option | - |
options | One or more options that can be applied to the session. oversize: Block oversized file/email. splice: Enable splice mode. |
option | - |
oversize-limit | Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10). | integer | Minimum value: 1 Maximum value: 6446 |
uncompressed-oversize-limit | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10). | integer | Minimum value: 0 Maximum value: 6446 |
uncompressed-nest-limit | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). | integer | Minimum value: 2 Maximum value: 100 |
scan-bzip2 | Enable/disable scanning of BZip2 compressed files. enable: Enable setting. disable: Disable setting. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | One or more options that can be applied to the session. oversize: Block oversized file/email. clientcomfort: Prevent client timeout. servercomfort: Prevent server timeout. |
option | - |
comfort-interval | Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec, default = 10). | integer | Minimum value: 1 Maximum value: 900 |
comfort-amount | Amount of data to send in a transmission for client comforting (1 - 65535 bytes, default = 1). | integer | Minimum value: 1 Maximum value: 65535 |
oversize-limit | Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10). | integer | Minimum value: 1 Maximum value: 6446 |
uncompressed-oversize-limit | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10). | integer | Minimum value: 0 Maximum value: 6446 |
uncompressed-nest-limit | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). | integer | Minimum value: 2 Maximum value: 100 |
scan-bzip2 | Enable/disable scanning of BZip2 compressed files. enable: Enable setting. disable: Disable setting. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ports | Ports to scan for content (1 - 65535, default = 53). | integer | Minimum value: 1 Maximum value: 65535 |
status | Enable/disable the active status of scanning for this protocol. enable: Enable setting. disable: Disable setting. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ports | Ports to scan for content (1 - 65535, default = 445). | integer | Minimum value: 1 Maximum value: 65535 |
status | Enable/disable the active status of scanning for this protocol. enable: Enable setting. disable: Disable setting. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Enable/disable adding an email signature to SMTP email messages as they pass through the FortiGate. disable: Disable mail signature. enable: Enable mail signature. |
option | - |
signature | Email signature to be added to outgoing email (if the signature contains spaces, enclose with quotation marks). | string | Maximum length: 1023 |
config firewall profile-protocol-options
Description: Configure protocol options.
edit <name>
set comment {var-string}
set replacemsg-group {string}
set oversize-log [disable|enable]
set switching-protocols-log [disable|enable]
config http
Description: Configure HTTP protocol options.
set ports {integer}
set status [enable|disable]
set inspect-all [enable|disable]
set options {option1}, {option2}, ...
set comfort-interval {integer}
set comfort-amount {integer}
set range-block [disable|enable]
set strip-x-forwarded-for [disable|enable]
set post-lang {option1}, {option2}, ...
set fortinet-bar [enable|disable]
set fortinet-bar-port {integer}
set streaming-content-bypass [enable|disable]
set switching-protocols [bypass|block]
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set stream-based-uncompressed-limit {integer}
set scan-bzip2 [enable|disable]
set block-page-status-code {integer}
set retry-count {integer}
set tcp-window-type [system|static|...]
set tcp-window-minimum {integer}
set tcp-window-maximum {integer}
set tcp-window-size {integer}
set ssl-offloaded [no|yes]
end
config ftp
Description: Configure FTP protocol options.
set ports {integer}
set status [enable|disable]
set inspect-all [enable|disable]
set options {option1}, {option2}, ...
set comfort-interval {integer}
set comfort-amount {integer}
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
set ssl-offloaded [no|yes]
end
config imap
Description: Configure IMAP protocol options.
set ports {integer}
set status [enable|disable]
set inspect-all [enable|disable]
set options {option1}, {option2}, ...
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
set ssl-offloaded [no|yes]
end
config mapi
Description: Configure MAPI protocol options.
set ports {integer}
set status [enable|disable]
set options {option1}, {option2}, ...
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
end
config pop3
Description: Configure POP3 protocol options.
set ports {integer}
set status [enable|disable]
set inspect-all [enable|disable]
set options {option1}, {option2}, ...
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
set ssl-offloaded [no|yes]
end
config smtp
Description: Configure SMTP protocol options.
set ports {integer}
set status [enable|disable]
set inspect-all [enable|disable]
set options {option1}, {option2}, ...
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
set server-busy [enable|disable]
set ssl-offloaded [no|yes]
end
config nntp
Description: Configure NNTP protocol options.
set ports {integer}
set status [enable|disable]
set inspect-all [enable|disable]
set options {option1}, {option2}, ...
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
end
config ssh
Description: Configure SFTP and SCP protocol options.
set options {option1}, {option2}, ...
set comfort-interval {integer}
set comfort-amount {integer}
set oversize-limit {integer}
set uncompressed-oversize-limit {integer}
set uncompressed-nest-limit {integer}
set scan-bzip2 [enable|disable]
end
config dns
Description: Configure DNS protocol options.
set ports {integer}
set status [enable|disable]
end
config cifs
Description: Configure CIFS protocol options.
set ports {integer}
set status [enable|disable]
end
config mail-signature
Description: Configure Mail signature.
set status [disable|enable]
set signature {string}
end
set rpc-over-http [enable|disable]
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
comment | Optional comments. | var-string | Maximum length: 255 |
replacemsg-group | Name of the replacement message group to be used | string | Maximum length: 35 |
oversize-log | Enable/disable logging for antivirus oversize file blocking. disable: Disable logging for antivirus oversize file blocking. enable: Enable logging for antivirus oversize file blocking. |
option | - |
switching-protocols-log | Enable/disable logging for HTTP/HTTPS switching protocols. disable: Disable logging for HTTP/HTTPS switching protocols. enable: Enable logging for HTTP/HTTPS switching protocols. |
option | - |
rpc-over-http | Enable/disable inspection of RPC over HTTP. enable: Enable inspection of RPC over HTTP. disable: Disable inspection of RPC over HTTP. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ports | Ports to scan for content (1 - 65535, default = 80). | integer | Minimum value: 1 Maximum value: 65535 |
status | Enable/disable the active status of scanning for this protocol. enable: Enable setting. disable: Disable setting. |
option | - |
inspect-all | Enable/disable the inspection of all ports for the protocol. enable: Enable setting. disable: Disable setting. |
option | - |
options | One or more options that can be applied to the session. clientcomfort: Prevent client timeout. servercomfort: Prevent server timeout. oversize: Block oversized file/email. chunkedbypass: Bypass chunked transfer encoded sites. |
option | - |
comfort-interval | Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec, default = 10). | integer | Minimum value: 1 Maximum value: 900 |
comfort-amount | Amount of data to send in a transmission for client comforting (1 - 65535 bytes, default = 1). | integer | Minimum value: 1 Maximum value: 65535 |
range-block | Enable/disable blocking of partial downloads. disable: Disable blocking of partial downloads. enable: Enable blocking of partial downloads. |
option | - |
strip-x-forwarded-for | Enable/disable stripping of HTTP X-Forwarded-For header. disable: Disable changing of HTTP X-Forwarded-For header. enable: Enable replacement of X-Forwarded-For value with 1.1.1.1. |
option | - |
post-lang | ID codes for character sets to be used to convert to UTF-8 for banned words and DLP on HTTP posts (maximum of 5 character sets). jisx0201: Japanese Industrial Standard 0201. jisx0208: Japanese Industrial Standard 0208. jisx0212: Japanese Industrial Standard 0212. gb2312: Guojia Biaozhun 2312 (simplified Chinese). ksc5601-ex: Wansung Korean standard 5601. euc-jp: Extended Unicode Japanese. sjis: Shift Japanese Industrial Standard. iso2022-jp: ISO 2022 Japanese. iso2022-jp-1: ISO 2022-1 Japanese. iso2022-jp-2: ISO 2022-2 Japanese. euc-cn: Extended Unicode Chinese. ces-gbk: Extended GB2312 (simplified Chinese). hz: Hanzi simplified Chinese. ces-big5: Big-5 traditional Chinese. euc-kr: Extended Unicode Korean. iso2022-jp-3: ISO 2022-3 Japanese. iso8859-1: ISO 8859 Part 1 (Western European). tis620: Thai Industrial Standard 620. cp874: Code Page 874 (Thai). cp1252: Code Page 1252 (Western European Latin). cp1251: Code Page 1251 (Cyrillic). |
option | - |
fortinet-bar | Enable/disable Fortinet bar on HTML content. enable: Enable setting. disable: Disable setting. |
option | - |
fortinet-bar-port | Port for use by Fortinet Bar (1 - 65535, default = 8011). | integer | Minimum value: 1 Maximum value: 65535 |
streaming-content-bypass | Enable/disable bypassing of streaming content from buffering. enable: Enable setting. disable: Disable setting. |
option | - |
switching-protocols | Bypass from scanning, or block a connection that attempts to switch protocol. bypass: Bypass connections when switching protocols. block: Block connections when switching protocols. |
option | - |
oversize-limit | Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10). | integer | Minimum value: 1 Maximum value: 6446 |
uncompressed-oversize-limit | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10). | integer | Minimum value: 0 Maximum value: 6446 |
uncompressed-nest-limit | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). | integer | Minimum value: 2 Maximum value: 100 |
stream-based-uncompressed-limit | Maximum stream-based uncompressed data size that will be scanned (MB, 0 = unlimited (default). Stream-based uncompression used only under certain conditions.). | integer | Minimum value: 0 Maximum value: 4294967295 |
scan-bzip2 | Enable/disable scanning of BZip2 compressed files. enable: Enable setting. disable: Disable setting. |
option | - |
block-page-status-code | Code number returned for blocked HTTP pages (non-FortiGuard only) (100 - 599, default = 403). | integer | Minimum value: 100 Maximum value: 599 |
retry-count | Number of attempts to retry HTTP connection (0 - 100, default = 0). | integer | Minimum value: 0 Maximum value: 100 |
tcp-window-type | Specify type of TCP window to use for this protocol. system: Use system default TCP window size for this protocol (Default). static: Manually specify TCP window size. dynamic: Vary TCP window size based on available memory, within limits. |
option | - |
tcp-window-minimum | Minimum dynamic TCP window size (default = 128KB). | integer | Minimum value: 65536 Maximum value: 1048576 |
tcp-window-maximum | Maximum dynamic TCP window size (default = 8MB). | integer | Minimum value: 1048576 Maximum value: 33554432 |
tcp-window-size | Set TCP static window size (default = 256KB). | integer | Minimum value: 65536 Maximum value: 33554432 |
ssl-offloaded | SSL decryption and encryption performed by an external device. no: SSL decryption and encryption performed by FortiGate when deep-inspection is enabled. yes: SSL decryption and encryption performed by an external device. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ports | Ports to scan for content (1 - 65535, default = 21). | integer | Minimum value: 1 Maximum value: 65535 |
status | Enable/disable the active status of scanning for this protocol. enable: Enable setting. disable: Disable setting. |
option | - |
inspect-all | Enable/disable the inspection of all ports for the protocol. enable: Enable setting. disable: Disable setting. |
option | - |
options | One or more options that can be applied to the session. clientcomfort: Prevent client timeout. oversize: Block oversized file/email. splice: Enable splice mode. bypass-rest-command: Bypass REST command. bypass-mode-command: Bypass MODE command. |
option | - |
comfort-interval | Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec, default = 10). | integer | Minimum value: 1 Maximum value: 900 |
comfort-amount | Amount of data to send in a transmission for client comforting (1 - 65535 bytes, default = 1). | integer | Minimum value: 1 Maximum value: 65535 |
oversize-limit | Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10). | integer | Minimum value: 1 Maximum value: 6446 |
uncompressed-oversize-limit | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10). | integer | Minimum value: 0 Maximum value: 6446 |
uncompressed-nest-limit | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). | integer | Minimum value: 2 Maximum value: 100 |
scan-bzip2 | Enable/disable scanning of BZip2 compressed files. enable: Enable setting. disable: Disable setting. |
option | - |
ssl-offloaded | SSL decryption and encryption performed by an external device. no: SSL decryption and encryption performed by FortiGate when deep-inspection is enabled. yes: SSL decryption and encryption performed by an external device. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ports | Ports to scan for content (1 - 65535, default = 143). | integer | Minimum value: 1 Maximum value: 65535 |
status | Enable/disable the active status of scanning for this protocol. enable: Enable setting. disable: Disable setting. |
option | - |
inspect-all | Enable/disable the inspection of all ports for the protocol. enable: Enable setting. disable: Disable setting. |
option | - |
options | One or more options that can be applied to the session. fragmail: Pass fragmented email. oversize: Block oversized file/email. |
option | - |
oversize-limit | Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10). | integer | Minimum value: 1 Maximum value: 6446 |
uncompressed-oversize-limit | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10). | integer | Minimum value: 0 Maximum value: 6446 |
uncompressed-nest-limit | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). | integer | Minimum value: 2 Maximum value: 100 |
scan-bzip2 | Enable/disable scanning of BZip2 compressed files. enable: Enable setting. disable: Disable setting. |
option | - |
ssl-offloaded | SSL decryption and encryption performed by an external device. no: SSL decryption and encryption performed by FortiGate when deep-inspection is enabled. yes: SSL decryption and encryption performed by an external device. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ports | Ports to scan for content (1 - 65535, default = 135). | integer | Minimum value: 1 Maximum value: 65535 |
status | Enable/disable the active status of scanning for this protocol. enable: Enable setting. disable: Disable setting. |
option | - |
options | One or more options that can be applied to the session. fragmail: Pass fragmented email. oversize: Block oversized file/email. |
option | - |
oversize-limit | Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10). | integer | Minimum value: 1 Maximum value: 6446 |
uncompressed-oversize-limit | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10). | integer | Minimum value: 0 Maximum value: 6446 |
uncompressed-nest-limit | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). | integer | Minimum value: 2 Maximum value: 100 |
scan-bzip2 | Enable/disable scanning of BZip2 compressed files. enable: Enable setting. disable: Disable setting. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ports | Ports to scan for content (1 - 65535, default = 110). | integer | Minimum value: 1 Maximum value: 65535 |
status | Enable/disable the active status of scanning for this protocol. enable: Enable setting. disable: Disable setting. |
option | - |
inspect-all | Enable/disable the inspection of all ports for the protocol. enable: Enable setting. disable: Disable setting. |
option | - |
options | One or more options that can be applied to the session. fragmail: Pass fragmented email. oversize: Block oversized file/email. |
option | - |
oversize-limit | Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10). | integer | Minimum value: 1 Maximum value: 6446 |
uncompressed-oversize-limit | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10). | integer | Minimum value: 0 Maximum value: 6446 |
uncompressed-nest-limit | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). | integer | Minimum value: 2 Maximum value: 100 |
scan-bzip2 | Enable/disable scanning of BZip2 compressed files. enable: Enable setting. disable: Disable setting. |
option | - |
ssl-offloaded | SSL decryption and encryption performed by an external device. no: SSL decryption and encryption performed by FortiGate when deep-inspection is enabled. yes: SSL decryption and encryption performed by an external device. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ports | Ports to scan for content (1 - 65535, default = 25). | integer | Minimum value: 1 Maximum value: 65535 |
status | Enable/disable the active status of scanning for this protocol. enable: Enable setting. disable: Disable setting. |
option | - |
inspect-all | Enable/disable the inspection of all ports for the protocol. enable: Enable setting. disable: Disable setting. |
option | - |
options | One or more options that can be applied to the session. fragmail: Pass fragmented email. oversize: Block oversized file/email. splice: Enable splice mode. |
option | - |
oversize-limit | Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10). | integer | Minimum value: 1 Maximum value: 6446 |
uncompressed-oversize-limit | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10). | integer | Minimum value: 0 Maximum value: 6446 |
uncompressed-nest-limit | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). | integer | Minimum value: 2 Maximum value: 100 |
scan-bzip2 | Enable/disable scanning of BZip2 compressed files. enable: Enable setting. disable: Disable setting. |
option | - |
server-busy | Enable/disable SMTP server busy when server not available. enable: Enable setting. disable: Disable setting. |
option | - |
ssl-offloaded | SSL decryption and encryption performed by an external device. no: SSL decryption and encryption performed by FortiGate when deep-inspection is enabled. yes: SSL decryption and encryption performed by an external device. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ports | Ports to scan for content (1 - 65535, default = 119). | integer | Minimum value: 1 Maximum value: 65535 |
status | Enable/disable the active status of scanning for this protocol. enable: Enable setting. disable: Disable setting. |
option | - |
inspect-all | Enable/disable the inspection of all ports for the protocol. enable: Enable setting. disable: Disable setting. |
option | - |
options | One or more options that can be applied to the session. oversize: Block oversized file/email. splice: Enable splice mode. |
option | - |
oversize-limit | Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10). | integer | Minimum value: 1 Maximum value: 6446 |
uncompressed-oversize-limit | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10). | integer | Minimum value: 0 Maximum value: 6446 |
uncompressed-nest-limit | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). | integer | Minimum value: 2 Maximum value: 100 |
scan-bzip2 | Enable/disable scanning of BZip2 compressed files. enable: Enable setting. disable: Disable setting. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | One or more options that can be applied to the session. oversize: Block oversized file/email. clientcomfort: Prevent client timeout. servercomfort: Prevent server timeout. |
option | - |
comfort-interval | Period of time between start, or last transmission, and the next client comfort transmission of data (1 - 900 sec, default = 10). | integer | Minimum value: 1 Maximum value: 900 |
comfort-amount | Amount of data to send in a transmission for client comforting (1 - 65535 bytes, default = 1). | integer | Minimum value: 1 Maximum value: 65535 |
oversize-limit | Maximum in-memory file size that can be scanned (1 - 383 MB, default = 10). | integer | Minimum value: 1 Maximum value: 6446 |
uncompressed-oversize-limit | Maximum in-memory uncompressed file size that can be scanned (0 - 383 MB, 0 = unlimited, default = 10). | integer | Minimum value: 0 Maximum value: 6446 |
uncompressed-nest-limit | Maximum nested levels of compression that can be uncompressed and scanned (2 - 100, default = 12). | integer | Minimum value: 2 Maximum value: 100 |
scan-bzip2 | Enable/disable scanning of BZip2 compressed files. enable: Enable setting. disable: Disable setting. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ports | Ports to scan for content (1 - 65535, default = 53). | integer | Minimum value: 1 Maximum value: 65535 |
status | Enable/disable the active status of scanning for this protocol. enable: Enable setting. disable: Disable setting. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ports | Ports to scan for content (1 - 65535, default = 445). | integer | Minimum value: 1 Maximum value: 65535 |
status | Enable/disable the active status of scanning for this protocol. enable: Enable setting. disable: Disable setting. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Enable/disable adding an email signature to SMTP email messages as they pass through the FortiGate. disable: Disable mail signature. enable: Enable mail signature. |
option | - |
signature | Email signature to be added to outgoing email (if the signature contains spaces, enclose with quotation marks). | string | Maximum length: 1023 |